Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce Security & Risk Analysis

wordpress.org/plugins/multibanco-ifthen-software-gateway-for-woocommerce

Secure WooCommerce payments with Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis, and PIX via ifthenpay’s payment gateway.

8K active installs v11.5.3 PHP 7.2+ WP 5.8+ Updated Mar 15, 2026

atmecommercehomebankingifthenpayportugal

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 19d ago

Risk Assessment

This plugin, "multibanco-ifthen-software-gateway-for-woocommerce" v11.5.3, exhibits a generally good security posture due to its diligent use of prepared statements for SQL queries and a high percentage of properly escaped outputs. The absence of known vulnerabilities in its history is also a positive indicator. However, a significant concern arises from the substantial attack surface presented by its 8 AJAX handlers, with 6 of them lacking any authentication checks. This means that potentially sensitive actions or data accessible via these unprotected AJAX endpoints could be triggered or accessed by unauthenticated users, posing a considerable risk. Furthermore, the presence of 2 flows with unsanitized paths in the taint analysis, while not classified as critical or high, warrants attention as they indicate potential avenues for improper data handling that could be exploited.

Key Concerns

6 AJAX handlers without authentication checks
2 flows with unsanitized paths in taint analysis

Vulnerabilities

None known

Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

110

1102 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Output Escaping

91% escaped1212 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

11 flows2 with unsanitized paths

process_admin_options (class-wc-cofidispay-ifthen-webdados.php:603)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce Attack Surface

Entry Points8

Unprotected6

AJAX Handlers 8

authwp_ajax_wc_mbway_ifthen_order_statusclass-wc-ifthen-webdados.php:350

noprivwp_ajax_wc_mbway_ifthen_order_statusclass-wc-ifthen-webdados.php:351

authwp_ajax_wc_cofidispay_ifthenpay_order_statusclass-wc-ifthen-webdados.php:352

noprivwp_ajax_wc_cofidispay_ifthenpay_order_statusclass-wc-ifthen-webdados.php:353

authwp_ajax_wc_gateway_ifthenpay_order_statusclass-wc-ifthen-webdados.php:354

noprivwp_ajax_wc_gateway_ifthenpay_order_statusclass-wc-ifthen-webdados.php:355

authwp_ajax_mbway_ifthen_request_payment_againclass-wc-ifthen-webdados.php:357

authwp_ajax_ifthenpay_dismiss_newmethod_noticeclass-wc-ifthen-webdados.php:361

WordPress Hooks 159

actionwoocommerce_order_details_after_order_tableclass-wc-cofidispay-ifthen-webdados.php:107

filterwoocommerce_available_payment_gatewaysclass-wc-cofidispay-ifthen-webdados.php:108

filterwoocommerce_available_payment_gatewaysclass-wc-cofidispay-ifthen-webdados.php:109

filterwoocommerce_available_payment_gatewaysclass-wc-cofidispay-ifthen-webdados.php:110

filterwoocommerce_available_payment_gatewaysclass-wc-cofidispay-ifthen-webdados.php:111

actionwoocommerce_api_wc_cofidispayreturn_ifthen_webdadosclass-wc-cofidispay-ifthen-webdados.php:125

actionwoocommerce_api_wc_cofidispay_ifthen_webdadosclass-wc-cofidispay-ifthen-webdados.php:128

actionadmin_noticesclass-wc-cofidispay-ifthen-webdados.php:131

filtercofidispay_ifthen_sandboxclass-wc-cofidispay-ifthen-webdados.php:134

actionwoocommerce_order_details_after_order_tableclass-wc-creditcard-ifthen-webdados.php:110

filterwoocommerce_available_payment_gatewaysclass-wc-creditcard-ifthen-webdados.php:111

filterwoocommerce_available_payment_gatewaysclass-wc-creditcard-ifthen-webdados.php:112

filterwoocommerce_available_payment_gatewaysclass-wc-creditcard-ifthen-webdados.php:113

filterwoocommerce_available_payment_gatewaysclass-wc-creditcard-ifthen-webdados.php:114

actionwoocommerce_api_wc_creditcardreturn_ifthen_webdadosclass-wc-creditcard-ifthen-webdados.php:135

actionwoocommerce_api_wc_creditcard_ifthen_webdadosclass-wc-creditcard-ifthen-webdados.php:138

actionadmin_noticesclass-wc-creditcard-ifthen-webdados.php:141

filterwoocommerce_email_enabled_customer_processing_orderclass-wc-creditcard-ifthen-webdados.php:865

filterwoocommerce_email_enabled_full_paymentclass-wc-creditcard-ifthen-webdados.php:866

filterwoocommerce_email_enabled_customer_partially_paidclass-wc-creditcard-ifthen-webdados.php:1010

filterwoocommerce_email_enabled_partial_paymentclass-wc-creditcard-ifthen-webdados.php:1011

filterwoocommerce_email_enabled_customer_partially_paidclass-wc-creditcard-ifthen-webdados.php:1187

filterwoocommerce_email_enabled_partial_paymentclass-wc-creditcard-ifthen-webdados.php:1188

actionwoocommerce_order_details_after_order_tableclass-wc-gateway-ifthen-webdados.php:120

filterwoocommerce_available_payment_gatewaysclass-wc-gateway-ifthen-webdados.php:121

filterwoocommerce_available_payment_gatewaysclass-wc-gateway-ifthen-webdados.php:122

filterwoocommerce_available_payment_gatewaysclass-wc-gateway-ifthen-webdados.php:123

filterwoocommerce_available_payment_gatewaysclass-wc-gateway-ifthen-webdados.php:124

actionwoocommerce_api_wc_gatewayreturn_ifthen_webdadosclass-wc-gateway-ifthen-webdados.php:138

actionwoocommerce_api_wc_gateway_ifthen_webdadosclass-wc-gateway-ifthen-webdados.php:141

actionadmin_noticesclass-wc-gateway-ifthen-webdados.php:144

filterwoocommerce_email_enabled_customer_processing_orderclass-wc-gateway-ifthen-webdados.php:1106

filterwoocommerce_email_enabled_full_paymentclass-wc-gateway-ifthen-webdados.php:1107

filterwoocommerce_email_enabled_customer_partially_paidclass-wc-gateway-ifthen-webdados.php:1402

filterwoocommerce_email_enabled_partial_paymentclass-wc-gateway-ifthen-webdados.php:1403

actioninitclass-wc-ifthen-webdados.php:151

filterwoocommerce_payment_gatewaysclass-wc-ifthen-webdados.php:332

actionwoocommerce_blocks_loadedclass-wc-ifthen-webdados.php:333

actionadd_meta_boxesclass-wc-ifthen-webdados.php:334

filterwoocommerce_shop_order_search_fieldsclass-wc-ifthen-webdados.php:335

filterwoocommerce_order_table_search_query_meta_keysclass-wc-ifthen-webdados.php:336

actionwoocommerce_checkout_update_order_metaclass-wc-ifthen-webdados.php:337

filterwoocommerce_order_data_store_cpt_get_orders_queryclass-wc-ifthen-webdados.php:338

actionwoocommerce_cancel_unpaid_ordersclass-wc-ifthen-webdados.php:339

filterapg_sms_messageclass-wc-ifthen-webdados.php:340

filterapg_sms_messageclass-wc-ifthen-webdados.php:341

filterwcs_renewal_order_metaclass-wc-ifthen-webdados.php:342

filterwcs_resubscribe_order_metaclass-wc-ifthen-webdados.php:343

filterwcs_renewal_order_createdclass-wc-ifthen-webdados.php:344

actionplugins_loadedclass-wc-ifthen-webdados.php:345

actionwoocommerce_new_customer_noteclass-wc-ifthen-webdados.php:346

actionadmin_enqueue_scriptsclass-wc-ifthen-webdados.php:347

actionafter_setup_themeclass-wc-ifthen-webdados.php:348

actionwoocommerce_order_item_add_action_buttonsclass-wc-ifthen-webdados.php:359

actionadmin_noticesclass-wc-ifthen-webdados.php:363

actioninitclass-wc-ifthen-webdados.php:365

filterwoocommerce_valid_order_statuses_for_paymentclass-wc-ifthen-webdados.php:371

actioninitclass-wc-ifthen-webdados.php:373

actionwc_ifthen_hourly_cronclass-wc-ifthen-webdados.php:381

actionafter_setup_themeclass-wc-ifthen-webdados.php:383

actionwc_ifthen_hourly_cronclass-wc-ifthen-webdados.php:393

actionwoocommerce_before_pay_actionclass-wc-ifthen-webdados.php:398

filterwoocommerce_my_account_my_orders_actionsclass-wc-ifthen-webdados.php:405

actionplugins_loadedclass-wc-ifthen-webdados.php:409

actionwoocommerce_blocks_payment_method_type_registrationclass-wc-ifthen-webdados.php:540

actionwoocommerce_blocks_payment_method_type_registrationclass-wc-ifthen-webdados.php:548

actionwoocommerce_blocks_payment_method_type_registrationclass-wc-ifthen-webdados.php:556

actionwoocommerce_blocks_payment_method_type_registrationclass-wc-ifthen-webdados.php:564

actionwoocommerce_blocks_payment_method_type_registrationclass-wc-ifthen-webdados.php:572

actionwoocommerce_blocks_payment_method_type_registrationclass-wc-ifthen-webdados.php:580

actionwoocommerce_checkout_order_processedclass-wc-ifthen-webdados.php:1933

actionwoocommerce_checkout_order_processedclass-wc-ifthen-webdados.php:2056

filterplugin_localeclass-wc-ifthen-webdados.php:3077

filterplugin_localeclass-wc-ifthen-webdados.php:3105

filterplugin_localeclass-wc-ifthen-webdados.php:3162

actionparse_queryclass-wc-ifthen-webdados.php:3778

actionwoocommerce_order_details_after_order_tableclass-wc-mbway-ifthen-webdados.php:123

filterwoocommerce_available_payment_gatewaysclass-wc-mbway-ifthen-webdados.php:124

filterwoocommerce_available_payment_gatewaysclass-wc-mbway-ifthen-webdados.php:125

filterwoocommerce_available_payment_gatewaysclass-wc-mbway-ifthen-webdados.php:126

filterwoocommerce_available_payment_gatewaysclass-wc-mbway-ifthen-webdados.php:127

actionwoocommerce_api_wc_mbway_ifthen_webdadosclass-wc-mbway-ifthen-webdados.php:148

filterwoocommerce_payment_complete_reduce_order_stockclass-wc-mbway-ifthen-webdados.php:151

actionadmin_noticesclass-wc-mbway-ifthen-webdados.php:154

filterwoocommerce_email_enabled_customer_partially_paidclass-wc-mbway-ifthen-webdados.php:1539

filterwoocommerce_email_enabled_partial_paymentclass-wc-mbway-ifthen-webdados.php:1540

actionwoocommerce_order_details_after_order_tableclass-wc-multibanco-ifthen-webdados.php:112

filterwoocommerce_available_payment_gatewaysclass-wc-multibanco-ifthen-webdados.php:113

filterwoocommerce_available_payment_gatewaysclass-wc-multibanco-ifthen-webdados.php:114

filterwoocommerce_available_payment_gatewaysclass-wc-multibanco-ifthen-webdados.php:115

filterwoocommerce_available_payment_gatewaysclass-wc-multibanco-ifthen-webdados.php:116

filterwc_twilio_sms_customer_sms_before_variable_replaceclass-wc-multibanco-ifthen-webdados.php:123

filterywsn_sms_placeholdersclass-wc-multibanco-ifthen-webdados.php:126

actionwoocommerce_api_wc_multibanco_ifthen_webdadosclass-wc-multibanco-ifthen-webdados.php:145

filterwoocommerce_payment_complete_reduce_order_stockclass-wc-multibanco-ifthen-webdados.php:148

actionadmin_noticesclass-wc-multibanco-ifthen-webdados.php:151

filterwoocommerce_email_enabled_customer_processing_orderclass-wc-multibanco-ifthen-webdados.php:1210

filterwoocommerce_email_enabled_full_paymentclass-wc-multibanco-ifthen-webdados.php:1211

filterwoocommerce_email_enabled_customer_partially_paidclass-wc-multibanco-ifthen-webdados.php:1495

filterwoocommerce_email_enabled_partial_paymentclass-wc-multibanco-ifthen-webdados.php:1496

filterwoocommerce_new_order_email_allows_resendclass-wc-multibanco-ifthen-webdados.php:1508

actionwoocommerce_order_details_after_order_tableclass-wc-payshop-ifthen-webdados.php:104

filterwoocommerce_available_payment_gatewaysclass-wc-payshop-ifthen-webdados.php:105

filterwoocommerce_available_payment_gatewaysclass-wc-payshop-ifthen-webdados.php:106

filterwoocommerce_available_payment_gatewaysclass-wc-payshop-ifthen-webdados.php:107

filterwoocommerce_available_payment_gatewaysclass-wc-payshop-ifthen-webdados.php:108

filterwc_twilio_sms_customer_sms_before_variable_replaceclass-wc-payshop-ifthen-webdados.php:115

filterywsn_sms_placeholdersclass-wc-payshop-ifthen-webdados.php:118

actionwoocommerce_api_wc_payshop_ifthen_webdadosclass-wc-payshop-ifthen-webdados.php:137

filterwoocommerce_payment_complete_reduce_order_stockclass-wc-payshop-ifthen-webdados.php:140

actionadmin_noticesclass-wc-payshop-ifthen-webdados.php:143

filterwoocommerce_email_enabled_customer_processing_orderclass-wc-payshop-ifthen-webdados.php:1121

filterwoocommerce_email_enabled_full_paymentclass-wc-payshop-ifthen-webdados.php:1122

filterwoocommerce_email_enabled_customer_partially_paidclass-wc-payshop-ifthen-webdados.php:1323

filterwoocommerce_email_enabled_partial_paymentclass-wc-payshop-ifthen-webdados.php:1324

filterwoocommerce_new_order_email_allows_resendclass-wc-payshop-ifthen-webdados.php:1336

filtermultibanco_ifthen_show_callback_noticehooks-examples.php:16

filtermbway_ifthen_show_callback_noticehooks-examples.php:22

filterpayshop_ifthen_show_callback_noticehooks-examples.php:28

filtermultibanco_ifthen_format_refhooks-examples.php:39

filtermbway_ifthen_webservice_deschooks-examples.php:52

filtermultibanco_ifthen_email_instructions_table_htmlhooks-examples.php:85

filtermbway_ifthen_email_instructions_table_htmlhooks-examples.php:112

filtermultibanco_ifthen_email_instructions_payment_receivedhooks-examples.php:132

filtermbway_ifthen_email_instructions_payment_receivedhooks-examples.php:151

filtermultibanco_ifthen_thankyou_instructions_table_htmlhooks-examples.php:184

filtermbway_ifthen_thankyou_instructions_table_htmlhooks-examples.php:211

filtermbway_ifthen_enable_check_order_status_thankyouhooks-examples.php:224

filtermultibanco_ifthen_sms_instructionshooks-examples.php:240

actionmultibanco_ifthen_callback_payment_completehooks-examples.php:256

actionmbway_ifthen_callback_payment_completehooks-examples.php:267

actionmultibanco_ifthen_callback_payment_failedhooks-examples.php:280

actionmbway_ifthen_callback_payment_failedhooks-examples.php:293

actionpayshop_ifthen_callback_payment_failedhooks-examples.php:306

filterwoocommerce_gateway_iconhooks-examples.php:321

filterwoocommerce_gateway_iconhooks-examples.php:336

filtermultibanco_ifthen_base_ent_subenthooks-examples.php:357

filtermultibanco_ifthen_base_mbwaykeyhooks-examples.php:376

actionmultibanco_ifthen_created_referencehooks-examples.php:389

actionmbway_ifthen_created_referencehooks-examples.php:402

filtermultibanco_ifthen_set_on_holdhooks-examples.php:415

filtermbway_ifthen_order_initial_status_pendinghooks-examples.php:421

filtermultibanco_ifthen_cancel_unpaid_ordershooks-examples.php:427

filtermultibanco_ifthen_cancel_unpaid_orders_restore_stockhooks-examples.php:440

actionmultibanco_ifthen_unpaid_order_cancelledhooks-examples.php:451

filterpayshop_ifthen_cancel_unpaid_ordershooks-examples.php:457

filterpayshop_ifthen_cancel_unpaid_orders_restore_stockhooks-examples.php:470

actionpayshop_ifthen_unpaid_order_cancelledhooks-examples.php:481

filtermbway_ifthen_cancel_unpaid_ordershooks-examples.php:488

filtermbway_ifthen_cancel_unpaid_orders_restore_stockhooks-examples.php:501

actionmbway_ifthen_unpaid_order_cancelledhooks-examples.php:512

filtermultibanco_ifthen_email_instructions_pending_sendhooks-examples.php:525

filtermbway_ifthen_email_instructions_pending_sendhooks-examples.php:538

filtermultibanco_ifthen_email_instructions_payment_received_sendhooks-examples.php:551

filtermbway_ifthen_email_instructions_payment_received_sendhooks-examples.php:564

filtermultibanco_ifthen_mbway_settings_fieldshooks-examples.php:595

actionadmin_noticesmultibanco_ifthen_for_woocommerce.php:46

actionplugins_loadedmultibanco_ifthen_for_woocommerce.php:49

actionbefore_woocommerce_initmultibanco_ifthen_for_woocommerce.php:106

Maintenance & Trust

Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 15, 2026

PHP min version7.2

Downloads320K

Community Trust

Rating100/100

Number of ratings21

Active installs8K

Alternatives

Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce Alternatives

Payment Multibanco and MB WAY for FluentCart via ifthenpay

payment-multibanco-for-fluent-cart-via-ifthenpay

100

Secure FluentCart payments with Multibanco and MB WAY via ifthenpay’s payment gateway.

0 No CVEs

WooCommerce

woocommerce

Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.

7.0M 42 CVEs

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs

WooCommerce PayPal Payments

woocommerce-paypal-payments

100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE

Mailchimp for WooCommerce

mailchimp-for-woocommerce

Connect your store to your Mailchimp audience to track sales, create targeted emails, send abandoned cart emails, and more.

300K 2 CVEs

Developer Profile

Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce Developer Profile

Marco Almeida | Webdados

21 plugins · 27K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

143 days

View full developer profile

Detection Fingerprints

How We Detect Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/multibanco-ifthen-software-gateway-for-woocommerce/css/admin.css/wp-content/plugins/multibanco-ifthen-software-gateway-for-woocommerce/css/checkout.css/wp-content/plugins/multibanco-ifthen-software-gateway-for-woocommerce/js/admin.js/wp-content/plugins/multibanco-ifthen-software-gateway-for-woocommerce/js/checkout.js/wp-content/plugins/multibanco-ifthen-software-gateway-for-woocommerce/js/webdados_common.js

Script Paths

/wp-content/plugins/multibanco-ifthen-software-gateway-for-woocommerce/js/admin.js/wp-content/plugins/multibanco-ifthen-software-gateway-for-woocommerce/js/checkout.js/wp-content/plugins/multibanco-ifthen-software-gateway-for-woocommerce/js/webdados_common.js

Version Parameters

multibanco-ifthen-software-gateway-for-woocommerce/css/admin.css?ver=multibanco-ifthen-software-gateway-for-woocommerce/css/checkout.css?ver=multibanco-ifthen-software-gateway-for-woocommerce/js/admin.js?ver=multibanco-ifthen-software-gateway-for-woocommerce/js/checkout.js?ver=multibanco-ifthen-software-gateway-for-woocommerce/js/webdados_common.js?ver=

HTML / DOM Fingerprints

CSS Classes

wc-ifthen-gateway-option

HTML Comments

/* If you're reading this you must know what you're doing ;-) Greetings from sunny Portugal! */

Data Attributes

data-cofidispaykeydata-secret-key

JS Globals

window.wc_ifthen_pay_params

FAQ